CVE Catalog

CVE-2025-54771

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service.

Risk Assessment

The risk for the organization includes potential denial of service that could prevent system boot. Possible data integrity or confidentiality compromise is not discarded.

Recommendation

It is recommended to immediately update GRUB to the latest available version containing the fix. Monitor official security advisories from the operating system distribution.

Original NVD description (English source)

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS